9.3 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): NONE
WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter, leading to full database compromise. In the script /html/matPat/restaurar_produto.php, the application retrieves the id_produto parameter directly from the $_GET global array and interpolates it directly into two SQL query strings without any sanitization, type-casting (e.g., (int)), or using parameterized (prepare/execute) statements. This issue has been fixed in version 3.6.6.
References
- https://github.com/LabRedesCefetRJ/WeGIA/pull/1457 x_refsource_MISC
- https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.6 x_refsource_MISC
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qg95-x997-66wq x_refsource_CONFIRM
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qg95-x997-66wq exploit
Affected products
- ==< 3.6.6
Matching in nixpkgs
pkgs.perlPackages.SnowballNorwegian
Porters stemming algorithm for norwegian
pkgs.perl5Packages.SnowballNorwegian
Porters stemming algorithm for norwegian
pkgs.perl538Packages.SnowballNorwegian
Porters stemming algorithm for norwegian
pkgs.perl540Packages.SnowballNorwegian
Porters stemming algorithm for norwegian